Employee Training: The Key to Security in Enterprise Mobility

New devices and operating systems are making it difficult to implement Bring Your Own Device policies, but employee training is a good place to start.

Building a secure Bring Your Own Device environment is becoming a bigger challenge for IT organizations as the number of different devices and operating systems that must be secured is increasing, a number of CIO’s in the financial services sector said during a roundtable session at Interop New York.

BYOD has become a necessity particularly for trading and investment teams. “Investment pros will tell you their no. 1 limit on their productivity is the hours of the day. With mobile they can have more productive hours in the day,” said Kurt Brungardt, one of the panelists and the CIO of MSD Capital.

As the business side pushes for more productivity out of its workers, it can increase the pressure on IT to provide new mobile capabilities that may still have some security concerns around them, Brugardt added.

All of the capital markets CIO’s at the roundtable said their organization had a BYOD policy. But it can be a struggle incorporating a number of different devices and operating systems securely. While some of them said they are phasing out BlackBerrys from their workforce, they now are required to cover new devices such as Android tablets and airbooks. “I have a few Windows phone users [in my organization] and they absolutely love the software. They would never give up those devices,” Suhit Gupta, the CTO and a principal at Mapt Technologies, noted.

And it’s important to remember that the enterprise mobility space is still young, and the number of solutions delivering enterprise content to mobile devices are increasing as well. “Four or five years ago MobileIron was the only player in this space. When we were looking at a new solution last year, we had many options. We looked at Good and Airwatch,” Gupta recalled.

While this space continues to mature, and more devices and operating systems proliferate, IT executives can still get to work now on raising awareness among their staff of security issues related to enterprise mobility, said Arthur Vaccaro, CTO of Ionic Capital Management LLC. “We’ve integrated data management training into our compliance training with new employees,” he shared. “It is so important that users understand that they have the power to destroy the firm in their hand [with these mobile devices]. Raising that awareness has been very valuable for us.”

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Interesting. Apple has pretty much ignored the enterprise space since it launched the iPhone years ago. The strategy has been to focus on the consumer...and, obviously, that has worked for Apple.

But now that more people only want to carry 1 phone and are pushing their employers to adopt BYOD policies, it makes sense for Apple to make it easier for consumers to use the iPhone in the enterprise by including MDM capabilities. I'm sure it is jsut part of Apple's secret plan for world dominance :).

Yes financial services organizations are going to need to work with regulators to make sure they are clear about what is expected for a BYOD policy, and then will to turn around and try to work with the handset makers to help meet those expectations. It's a pretty tall order that will require a lot of collaboration. On the plus side even Apple is starting to recognize that enterprise mobility is growing in importance, and enabled some new mobile device management capabilities with the new iPhone.

One of my take-aways from Interop is around the pervasiveness of BYOD and the fact that most businesses are unprepared to deal with it in a comprehensive way. If they are focused on security they ignore the user/employee experience; if focused on convenience/experience, perhaps are overlooking legal/compliance considerations around e-discovery, privacy, etc. To some extent it's not surprising as mobile has become pervasive much more rapidly than, say, the PC or laptop. But sounds like we need some massive wake-up calls across financial services and other industries.